Actually, I think what it does is get your credit card details. You have to buy Mac Defender to clean the supposed malware it's found. And once they've got your credit card, they take you to the cleaners.

There are plenty of switchers out there these days who are preconditioned to expect such things from their PC days who could fall for this.

If it takes one button click to install it, then it should, as an OSX function, take one button click to uninstall it.

On install, OSX should be identifying all the installed pieces and files. Users should never have to figure a 'procedure' for finding them.

Freeze should stop the app from running plus any processes.

Uninstall should tell you what it wants to remove: The app, preferences, and also files created - you choose.

This should never get as far as support, except to ask what the app is.

I do wish Apple was more on top of their installed apps. If an app has an installer you can often use Show Log to see where the files will be placed, but it’s ultimately pointless since launching the program can add files elsewhere in your system.

AppTrap does a decent job of running quietly in the background and then finding pieces of apps that you choose to throw in the trash. Since I don’t throw many apps out I leave it turned off until I want to use it.

I take issue with Apple's position above. This is akin to a doctor finding cancer in a patient and being instructed by his hospital employer not to say anything. It's malpractice. Perhaps he's not allowed to operate on the cancer but it's a duty to inform a patient that something is wrong if they are unaware. Apple is pure fail on this point.

Malware is not fatal. I can see Apple's position on this. Apple service personnel are not trained in diagnosing or removing viruses and malware. In this case even investigating the problem might expose the technician to explicit images that they probably would rather not be required to view.

I think the password screen could be improved significantly - including info about WHAT is being installed - or WHERE - etc - not that the writer of the virus couldn't get creative with it - but some sort of way to see more info - or maybe even some sort of Verify button that would check a security certificate or something.

Not saying that I have an answer here - but if a browser can block phishing and alerts me when there are missing or invalid certificates - then the installer ought to be able to do something to at least provide more information about what it is doing.

i'm surprised NOT ONE PERSON here even mentioned this: APPLE IS REMOVING JAVA from the OS when LION is released in the WILD!!! so these types of Java Runtime apps will not get installed on to your MAC ANYMORE!! see the link at the bottom of this post:

No Java runtime

Also missing from Lion is a preinstalled Java runtime capable of executing "100% pure" Java apps. There are few examples of Java desktop apps in the wild, so most users won't notice. Not bundling the runtime will erase a large number of security vulnerabilities from the reported list of issues related to Mac OS X going forward however, as Java exists as a parallel platform to Apple's native Cocoa.

When users attempt to run a Java app, Lion offers to look online for a version it can install, and will download and install a slightly newer version than is currently available for Snow Leopard today (1.6.0_24-b07-329, rather than 1.6.0_22-b04-307).

Apple announced earlier that it would be working with Oracle to divest itself of maintenance of the Java platform on Macs, setting up a new OpenJDK Project for Java on Mac OS X going forward, starting with the release of Java SE 7.

Apple noted that the Java runtime may be removed from future versions of its operating system, and it appears that will be the case with Lion, albeit with a rather painless install option for users who need it.

Ok, I apologize for saying you were trolling. I've just seen a lot of people making remarks that fit the pattern "Isn't that what so-and-so was for", in an attempt to snidely say it failed at that, when it really wasn't for that. I made a mistake in thinking you were doing the same thing. Sorry about that.

Apology accepted. I'm an iOS user (iPhone, iPad), but don't yet have a desktop Mac, though I will with my next purchase when my current PC (piece of crap) expires. I honestly thought that one of the reasons given for the Mac moving to an app store model was to curb the potential for this kind of mischief. I wasn't implying at all that it failed.

Like many vendors, Apple does some verification that the apps sold in their store meet their minimum quality standards. That's a far cry from doing any deep investigation or making any strong guarantees about the software. No vendor will ever guarantee you won't get malware from something in their store.

You say that Apple only does minimum quality checks. I'm not sure how you know this. I have heard they do quite vigorous automated checks of the executables to look for suspicious API calls. Whatever they're doing I have never heard of Malware appearing on the App Store.

Quote:

But more importantly, that isn't the only way to put software on your computer. There many ways to get software on your computer besides the Mac App Store, so even if it were perfect, it wouldn't stop malware from getting on your computer. Apple will never block other channels, because the Mac is a general purpose computer. This MACDefender is a case in point. It wasn't installed from the Mac App Store.

Yes there are many ways to get apps on your computer, but what are the typical malware vectors? Not CD/DVD which are typically commercial apps. Web downloads and email attachments are the main sources, and Safari and Mail already have knowledge of certain Mac Malware and block it.

Quote:

Malware is a consumer-centric problem, not a provider-centric problem. To even attempt to stop malware from getting installed on your computer, you need a solution that surrounds your computer. You need anti-virus software designed to run on your computer and monitor it, like all the traditional anti-virus programs out there. Even then, it is a never-ending battle between the virus makers and the virus defenders that must be vigilantly fought.

The Mac is not and will never be immune to malware because of the nature of general purpose computers. The battle just hasn't heated up yet on the Mac.

It could come to that, with the Mac requiring as full and invasive security software as Windows. But let's not jump the gun. So far the Mac has had very few exploits actually exploited in the wild. The main problem seems to be Trojans like this popping up every few months. So far things have been controlled by Apple making Safari recognise them. Let's see how things develop with the App Store in the next few years.

Apple's statement is perfectly correct. Mac OS X still has no known viral threats, and as this incident demonstrates you are pretty much only going to damage your machine if you explicitly tell the computer it's okay for it to do something it probably shouldn't.

Well over half of all the malware exploits on OS X are the result of vulnerabilities not in OS X itself, but in Adobe's Flash and also in Java. Hence, Apple has taken steps to ensure the latest version is in use (When it comes to Flash) and to simply remove the runtime altogether (At least as part of a native install) in the case of Java.

The fundamental problem is that computers are just machines - they don't understand the software they're running in the way a human understands things, so they can't tell what's malware and what isn't. Existing security software uses signatures and heuristics to identify malware but this is only as good as your virus definitions file which is why the industry is in a constant cat and mouse battle.

Apple has decided to fundamentally tackle the problem by putting a human in the loop. The user is not an acceptable candidate since they may be a layman, but a person on the server side (App Store) whose profession it is to do this type of activity has a much better chance.

I do not believe there is any evidence to support your assertion. In fact, this article suggests that user error is probably the biggest security threat on the OS X platform and I would think javascript to be the second most exploited attack vector.

Lion has included a very minor, but important change to the window where you input your admin credentials. It won’t stop the ignorant from foolishly installing items, but having the button now state the action it will take is a good move, albeit a minor one.

They should change the wording of this - it sounds like your computer is telling you that you should go ahead and type your password. They should make it more neutral, or even more of a warning: "A program is trying to install software on your computer. If you are sure the software is safe and wish to install it, type in your password." And they could change the icon to a skull and crossbones with a question mark over it.

It's javascript that's the culprit here. Javascript has nothing to do with Java.
Lion will not be safer in this respect because javascript is used in every modern website, it's one of the pillars of the new web. Java on the other hand will die a slow death.

And they could change the icon to a skull and crossbones with a question mark over it.

That dialog is rather useless in my opinion. It's not actually asking the user for their password, it's asking for an admin password - the assumption being that the admin is a guru who will know what is safe.

But it's just a holdover from the server origins of OS X - in reality there never is an admin, so you are trusting a layman to decide what's safe to install which is a flawed model. In that sense the App Store gives every Apple customer access to an admin.

I work in the UK for a large PC repair shop. We see tons of malware on windows machines daily, which is incredibly difficult to get rid of or remove.

This piece of malware/virus is a complete joke. A few weeks ago we had our first customer come in with this. I was pretty shocked, but then when I looked at how stupid this program was compared to the ones you get in Windows, I just shook my head.

To remove the malware you simply bring up activity monitor, disable "Macdefender", go to finder, drag the "MacDefender" app into the trash and restart the computer. You might want to take it out of login items from users as well. But that's it.

It's so easy to remove.

It's not a virus. It's simply another app, which the user agrees to install and then it comes up and pretends you are infected. It really makes me LOL.

If I'm not mistaken, it was the infamous Charlie Miller that stated that Flash was the largest security threat on any platform... or maybe one of his compatriots at SecCom? Too lazy to Google it myself... be my guest.

Yes, I was trying to remove malware from my Mom's PC and it was very cunning in hiding itself compared to the amateur stuff coming Apple's way. This slightly supports the security through obscurity argument, but only time will tell.

One thing that's missing here is for the OS to be doing its real job - both OSX and Windows.

The OS must know the provenance of every object in its system. So if we point at an app, then we can grab all its files, processes, etc without having to google it and hope someone has been there before.

Apple could do a *lot* to protect its users, through good OS design, long before we get to anti-malware tools.

Many of the most important software concepts were invented in the 70s and forgotten in the 80s.

Isn't this the kind of problem the Mac App Store is designed to defend against?

Exactly, the same people fighting the App Store & ragging on it are the same people that hate the closed ecosystem of iPhone/iPad/iPod. Spyware & malware can be easily avoided if users take some time to actually care about what they do on the web; unfortunately most people are too busy to educate themselves until it is too late.

In addition drag & drop apps should be outright banned, it's time companies like Mozilla learned to use the package builder that comes free with every single OS X install disk!

Just out of curiosity, if someone knows your admin username and password, can an app install itself, or is that security window manual entry only?

Depends on if you are already running malware. If not then no, manual entry required.

The real issue with this malware is that Safari's default setting is to open "safe" files after downloading. This should never have been a feature in the first place. Whoever made the decision to have that as a feature in Safari should get a HUGE F- on security. The first thing I always do is disable this feature in Safari.

The reason I was curious about the admin login is it seems to me Apple should have an admin account and password set up during the default setup process. So many users run their user account as admin because no-one ever told them otherwise. So even if Apple created an admin account with a password of the user's birth year, it would still offer some basic protection for naive users. Otherwise they'd never even see the admin login (?), which is even worse.

This is no different than the Leap-A situation in 2006, and the iWork trojan situation in 2009.

At this rate, that alleged vast ocean of OS X malware will hit our shores around 2050.

This is a non-event. Like it's been over the past decade: the 2 or 3 year mark hits since the last time, the media and everyone and their dog are all over it, we're told that this is the end, etc. Then we forget about it all until about 2 or 3 years later.

The setup process requires you to make an administrator account. But note that even if you run as an administrator you don't have administrator rights. So each time an action is required like installing software, access to your keychain etc., your rights must be elevated via a manual entry. This - in essence - makes it very hard to write a virus for the Mac even if you have an administrator password.

As others have said, it's a dmg with an installer script, and Safari trusts both of those (since they're essentially data).

Still you have to do a *lot* of dumb stuff to make the attack work. You have to:

- ignore the makepackage jumping up and down on the dock
- click on it
- give it your admin credentials
- let it "scan" your hard drive
- click on the button to buy it (which actually steals your info)

I know lots of people do it, but the bottom line is you are an idiot to do this stuff and it doesn't matter if it's mac or windows really as those idiots exist on all platforms.

The head of the finance department did this where I work, which is kinda funny.

I have no idea if these guys have any agenda or are completely on the up and up. Posting it as reference only as it does add some additional info to what's going on with the MacDefender malware and similar variants. Note that an iPad malware version is expected according to the article.

It's not security through obscurity, it's security through a 40 year old backend that was last hit by a major virus 20 years ago.

This is also NOT a virus; it is malware, specifically a trojan, which is NOT a virus. A virus cannot be written for UNIX because it needs to have a number of factors to propagate itself, all of which Mac OS X / *NIX do not allow.

They need to be able to access parts of the system automatically such as services. This isn't allowed by *NIX systems without a username and password therefore infection is only at the hand of the user. It then needs to be able to automatically send e-mails to propagate itself on other systems. Technically possible if it can access the system which returns me back to the username and password thing which is also generally encrypted on many *NIX systems.

On the other hand an application can be run simply by viewing a webpage which would bring up an OK/Cancel dialog box which most people just simply click OK. It then hides itself in the system from view and does whatever the hell it wants.

There is HUGE money to be made with Windows security tools not because there are more Windows machines but because it is so easy to exploit and essentially blackmail people.

Macs are no better in that regard. Software Update, "This application was downloaded from the internet" warnings, iTunes usage agreements, etc. Honestly, even the admin info window helps to train the user to not pay attention to the messages that pop up on screen.

Computer users on any OS are quickly trained to just click through everything with the hope they might actually get to the point they wanted to reach.

So the one thing missing in this story is what MACDefender actually does once it's installed. Anyone know?

Much like any Rogue Antivirus software, it pops up a bunch of virus alerts of "viruses" on your computer. It also blocks internet access. To remove it, simply go to the Activity Viewer in the utilities folder, hit the processes tab and quit the process called "MacDefender" then simply delete the "MacDefender" Application installed in the applications folder.

In order for the application to install to begin with you have to give it permission, so if you get infected, really who can you blame?

Only those who listened to the Windows crowd who believe antivirus is essential are going to get burned by this malware. Ironic, isn't it? If you don't believe Macs need these stupid scanners, you would never install this malware in the first place.

You have a good point. But I think the problem is that the telephone rep can not be sure one way, or the other, and Apple is trying to prevent the reps from attempting to determine if there is or is not malware, and then possibly being wrong. They probably should be saying "We can't tell one way or the other, Mr. Customer, but you may want to see a specialist."

Where is Snow Leopard's malware/virus/trojan protection at in all this?? Is Apple going to release an update to detect this?

It's partly Apple's fault for having the "open safe files after downloading" feature in Safari. That feature is just asking for this kind of attack.

The videos on Youtube show a .mpkg file being automatically downloaded and opened with the installer. Basically a guy does a Google image search, clicks on "show full image," and boom, the .mpkg file downloads and opens automatically without user intervention.

That seems like a dubious "feature" for a web browser, to say the least.

Why did Apple classify .mpkg files as "safe" files anyway?
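The posts above keep circling three defensive points: Safari's "open safe files after downloading" setting, users running day-to-day as an administrator, and the hands-on removal steps for MacDefender (quit the process, trash the app bundle, drop the login item). The script below is an added example, not code from the thread or from Apple, that turns those into a small checking and clean-up helper. Assumptions, labelled here and in the comments: Safari keeps that setting under the preference key AutoOpenSafeDownloads in the com.apple.Safari domain, login items can be listed and deleted through System Events, and an installed bundle sits at /Applications/<name>.app as the removal steps describe. On a machine without the macOS tools (defaults, osascript) the functions fall back to safe answers so the script still runs.

```shell
#!/bin/sh
# Added example (not from the thread or Apple): audit and clean-up helper for
# the MacDefender-style trojan discussed above. Assumed names are marked.

# Interpret a raw preference value. Returns 0 (true) when auto-open is OFF.
auto_open_is_disabled() {
    case "$1" in
        0|false|FALSE|no|NO) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the live value on macOS. ASSUMPTION: key AutoOpenSafeDownloads in the
# com.apple.Safari domain. An absent key means Safari's default, which is
# "on", so the fallback reports 1; a host without `defaults` also reports 1.
read_auto_open_setting() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || echo 1
    else
        echo 1
    fi
}

# Turn the setting off (the first thing the poster does). No-op elsewhere.
disable_auto_open() {
    if command -v defaults >/dev/null 2>&1; then
        defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
    fi
}

# The account-model point raised in the thread: is this user in group admin?
current_user_is_admin() {
    id -Gn 2>/dev/null | tr ' ' '\n' | grep -qx admin
}

# Look for the indicators the removal steps name: a running process, an app
# bundle in /Applications, and a login item. Each hit is printed and the total
# is left in INDICATOR_COUNT so a caller can branch on it.
find_indicators() {
    name="${1:-MacDefender}"
    INDICATOR_COUNT=0
    if pgrep -x "$name" >/dev/null 2>&1; then
        echo "process running: $name"
        INDICATOR_COUNT=$((INDICATOR_COUNT + 1))
    fi
    if [ -d "/Applications/$name.app" ]; then
        echo "app bundle present: /Applications/$name.app"
        INDICATOR_COUNT=$((INDICATOR_COUNT + 1))
    fi
    # ASSUMPTION: login items are readable through System Events.
    if command -v osascript >/dev/null 2>&1 &&
       osascript -e 'tell application "System Events" to get the name of every login item' 2>/dev/null |
       tr ',' '\n' | grep -q "$name"; then
        echo "login item present: $name"
        INDICATOR_COUNT=$((INDICATOR_COUNT + 1))
    fi
    return 0
}

# The thread's removal steps for a named app: quit it, move the bundle to the
# Trash, delete the login item. The name is required so it is never guessed.
remove_app() {
    name="$1"
    [ -n "$name" ] || { echo "usage: remove_app <AppName>" >&2; return 1; }
    pkill -x "$name" 2>/dev/null || true
    if [ -d "/Applications/$name.app" ]; then
        mkdir -p "$HOME/.Trash"
        mv "/Applications/$name.app" "$HOME/.Trash/"
    fi
    if command -v osascript >/dev/null 2>&1; then
        osascript -e "tell application \"System Events\" to delete login item \"$name\"" 2>/dev/null || true
    fi
}

# Stand-alone run: report state only; nothing is changed.
main() {
    if auto_open_is_disabled "$(read_auto_open_setting)"; then
        echo "Safari auto-open of 'safe' files: disabled"
    else
        echo "Safari auto-open of 'safe' files: ENABLED (call disable_auto_open)"
    fi
    if current_user_is_admin; then
        echo "current user is an administrator"
    fi
    find_indicators MacDefender
    echo "MacDefender indicators found: $INDICATOR_COUNT"
}

main "$@"
```

Run it as-is for a report; call `disable_auto_open` to apply the Safari fix and `remove_app MacDefender` to carry out the removal steps from the thread. The process and bundle names are the ones the posts give; any other rogue "antivirus" would need its own name passed in.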

The "open safe files automatically" feature should go away - it leaves you wide open to any bug where a "maliciously crafted .doc (or .whatever) file can lead to arbitrary code execution." The ability for JavaScript to initiate unrequested downloads doesn't help either.

Pretty dick move to tell your support people to just ignore the issue and tell the customers that Apple does not help with removing malware. I really hope the tech support guys don't listen, or at least point the users in the right direction. Hell, it would be awesome if they recorded a step by step removal guide and simply mentioned a URL shortener to get to that guide.
